Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
22.469 exploits
Exploit-DB
WordPress Plugin WPGraphQL 0.2.3 - Multiple Vulnerabilities
CVE-2019-987921 may 2019
The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever
50RIESGO
abrir
Exploit-DB
WordPress Plugin WPGraphQL 0.2.3 - Multiple Vulnerabilities
CVE-2019-988021 may 2019
An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible,
50RIESGO
abrir
Exploit-DB
WordPress Plugin WPGraphQL 0.2.3 - Multiple Vulnerabilities
CVE-2019-988121 may 2019
The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on
43RIESGO
abrir
Exploit-DB
Apple macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl
CVE-2019-859121 may 2019
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.
23RIESGO
abrir
Exploit-DB
Apple macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free
CVE-2019-862221 may 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS M
23RIESGO
abrir
Exploit-DB
Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized
CVE-2019-862321 may 2019
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS M
23RIESGO
abrir
Exploit-DB
Apple macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free
CVE-2019-8605HIGHbajo ataque21 may 2019
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.1
76RIESGO
abrir
Exploit-DB
TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting
CVE-2019-1219521 may 2019
TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking
23RIESGO
abrir
Exploit-DB
GetSimpleCMS - Unauthenticated Remote Code Execution (Metasploit)
CVE-2019-1123120 may 2019
An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows
60RIESGO
abrir
Exploit-DB
eLabFTW 1.8.5 - Arbitrary File Upload / Remote Code Execution
CVE-2019-1218520 may 2019
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may
28RIESGO
abrir
Exploit-DB
Cisco Prime Infrastructure Health Monitor HA TarArchive - Directory Traversal / Remote Code Execution
CVE-2019-1821HIGH17 may 2019
Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities
78RIESGO
abrir
Exploit-DB
Interspire Email Marketer 6.20 - 'surveys_submit.php' Remote Code Execution
CVE-2018-1955017 may 2019
Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit
23RIESGO
abrir
Exploit-DB
SEL AcSELerator Architect 2.2.24 - CPU Exhaustion Denial of Service
CVE-2018-1060816 may 2019
SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited when the AcSELerator Architect FTP client connects
23RIESGO
abrir
Exploit-DB
VMware Workstation 15.1.0 - DLL Hijacking
CVE-2019-552616 may 2019
VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by t
23RIESGO
abrir
Exploit-DB
Microsoft Windows - 'Win32k' Local Privilege Escalation
CVE-2019-0803HIGHbajo ataque15 may 2019
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in
83RIESGO
abrir
Exploit-DB
Schneider Electric U.Motion Builder 1.3.4 - 'track_import_export.php object_id' Unauthenticated Command Injection
CVE-2018-7841CRITICALbajo ataque14 may 2019
A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code
100RIESGO
abrir
Exploit-DB
OpenProject 5.0.0 - 8.3.1 - SQL Injection
CVE-2019-1160013 may 2019
A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbi
45RIESGO
abrir
Exploit-DB
CyberArk Enterprise Password Vault 10.7 - XML External Entity Injection
CVE-2019-744210 may 2019
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault
35RIESGO
abrir
Exploit-DB
Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery
CVE-2019-765210 may 2019
TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF. To exploit the
23RIESGO
abrir
Exploit-DB
Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting
CVE-2018-2048409 may 2019
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation.
23RIESGO
abrir
Exploit-DB
Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting
CVE-2018-2048509 may 2019
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.
23RIESGO
abrir
Exploit-DB
PostgreSQL 9.3 - COPY FROM PROGRAM Command Execution (Metasploit)
CVE-2019-919308 may 2019
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_serve
60RIESGO
abrir
Exploit-DB
Google Chrome 72.0.3626.119 - 'FileReader' Use-After-Free (Metasploit)
CVE-2019-5786MEDIUMbajo ataque08 may 2019
Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform
90RIESGO
abrir
Exploit-DB
Lotus Domino 8.5.3 - 'EXAMINE' Stack Buffer Overflow DEP/ASLR Bypass (NSA's EMPHASISMINE)
CVE-2017-127408 may 2019
IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated
23RIESGO
abrir
Exploit-DB
Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit)
CVE-2019-2725HIGHbajo ataqueransomware08 may 2019
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supporte
100RIESGO
abrir
Exploit-DB
Prinect Archive System 2015 Release 2.6 - Cross-Site Scripting
CVE-2019-1068507 may 2019
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Heidelberg Prinect Archiver v2013 release 1.0.
23RIESGO
abrir
Exploit-DB
LG Supersign EZ CMS - Remote Code Execution (Metasploit)
CVE-2018-1717306 may 2019
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getT
50RIESGO
abrir
Exploit-DB
iOS 12.1.3 - 'cfprefsd' Memory Corruption
CVE-2019-7286HIGHbajo ataque06 may 2019
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave
76RIESGO
abrir
Exploit-DB
ReadyAPI 2.5.0 / 2.6.0 - Remote Code Execution
CVE-2018-2058006 may 2019
The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 allows remote attackers to execute arbitrary Java co
23RIESGO
abrir
Exploit-DB
WordPress Plugin Social Warfare < 3.5.3 - Remote Code Execution
CVE-2019-9978MEDIUMbajo ataque03 may 2019
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_optio
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.